Overview

overview

10

Static

static

3

8be4b59779...18.exe

windows7-x64

10

8be4b59779...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    11/08/2024, 20:41

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    8be4b597791b05a1c5f690f0a4407d2e_JaffaCakes118.exe

  • Size

    49KB

  • MD5

    8be4b597791b05a1c5f690f0a4407d2e

  • SHA1

    2ce923936bf67891fc32fdf6aaff018c9885d53b

  • SHA256

    f7fd13d115b277b9eed6d13512a8db4041bb07d6f94a3989d2ec43dac9e4791c

  • SHA512

    277f05d5ccf9ccd8b738dc41315a6b1f6d11adea2aa954d3f73c9aac0ca7920ee235ea5e75dca97ac31c21e93181cc56c6cf6aea0ca441441cc9cc556107193b

  • SSDEEP

    768:EnQje5SMCj8rlhWrarTCFxNVDkEHbyobb59ZJuRbvIh2XCeQM2iJc9PA:65S58aWHgxNVDZ7T5duRbvy9vPA

Score
10/10
discoverypersistenceprivilege_escalation

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Event Triggered Execution: AppInit DLLs 1 TTPs

    Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    persistenceprivilege_escalation
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 26 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8be4b597791b05a1c5f690f0a4407d2e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8be4b597791b05a1c5f690f0a4407d2e_JaffaCakes118.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2236
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2688
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2688 CREDAT:275457 /prefetch:2
        3⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2548

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          c8f74b0d65789f3da673d4dbd85f21c7

          SHA1

          f3708f4a38af7bdf29e9ee1e4bdbff3f0b16921c

          SHA256

          5d5f3155136f86d62f95edc35b74b0b22572fed78a1340bdef074388aa339562

          SHA512

          e3afd9e774d71ef6dbfa0c1879b0e63b25173a725fe3436bdb8d93414a17526af149650cafde2a43f5ae6aa7fa4048445240713592731061186bcfd821e271f2

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          ab293513d76b41050562e83a042a9828

          SHA1

          aae799b7b71af4c08a5641c0067fe2b37bce68c1

          SHA256

          21725b5a7fbf991c53d8ef0822188e8cf8ebbf2a65d7901bf5e9c5c83b28b765

          SHA512

          fb085f08ba5ddab68855540c807b1077aa39bf8aeabec7db175a11fcdde715e40047f13904ad7f2acdbf315bbbcc5945778ee8e1bec9cdfc2da7d36abcf0b8db

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          7dc2b1eb5a487d94dfeedade3f3512d2

          SHA1

          106465e0a6ce6609d0a9c30b000ae9b93ba52b3f

          SHA256

          a05facb29b2027da40ed32142061a82732d18f5ce4f5d299c85425c60ffd3639

          SHA512

          fe57d117c1c8da8157387bde5ed2a28dec5a34a20227e588dd30b434e09dc77662ea9a8c6cb8787a32eb11733cf1c65fe181208c2f3e51af8da348829a22c132

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f4ad3e4c44e7a33c954e8f843d7a4e87

          SHA1

          f428b53af6c4d9b237b6bd72104fa627571a5bba

          SHA256

          07bed5cf2620130be71e446e006ea612fe184b3ae8fe4e3099150946d3fe1872

          SHA512

          7733dc586a103cbd1de8389dee0c0e6c13dba3b505fd0c31b9d5c198d3dfd1bc3ca28a3d2c2514d1b6c2902c5efa4dc4d241bda1f0401a3f24700ab8e88ae119

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          02b9d614edec525b0e87969e4d9a5d93

          SHA1

          07f550b624ecd28165a4aaf12156511d323a2775

          SHA256

          69a15e33779158fcfc89ca4f8e8d422d97454e1be8c638dadf953cf01d60a5ff

          SHA512

          0f5bbcffcad2d4a246d8403285a837e9695d70aa84ef5b2a38fa0a1b1593ce60d5ae03c78b5811966b0e64969b178e0183c6fd40660c7f47f195e3f79fdfa554

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          1bfd732783a21d6f329ce7c7b67fe1c8

          SHA1

          dbb94e98fe336f78d07fbd4d2edcd1572314b5df

          SHA256

          2f2284efae87d701f66709597b55bc54a764756134e62538a3670c93e77ed80c

          SHA512

          3158011957cbea66e1a852111aa8474cf1fdfcd78837832db459fbb0c6e13b8e653a214a300351da08077d180242a0fc1e521972c9b2fb42ba128ca788b85b3e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          062b9ea37d6fbd2065d1ff3e2ab2c0f3

          SHA1

          377aa402acac6ab18a4620c39957daefd7373811

          SHA256

          ca6d72dda525d60428d0fcb36bc01b0d5fb7186ccda1c8e3fb5279acd73429f9

          SHA512

          83d6cf9608ae2a25e4161fb2db7d6128fc5f0d5c17ba07bc3f5c0d531d639cbc0bb5f712d2b956ef9ace31ced76c5cecb03f24e55334e4c6f3e05e8e1f2bb8fc

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          dc9b347075aed273b10afe6caa86b6c3

          SHA1

          f30a7aa8e098081ca69769f4f5e84d491c5ecf8a

          SHA256

          c5fb3e57a4f3effa5f822627929875877639eac2d3ff6945f5eaf776310fe9a3

          SHA512

          df2fc873793ea242ee2f9cb0de50733cd91163ae6154c6cbb9e9dc9298686ce5df4f9563a6a91d91d57d33243f34b660a974881fac57dc613c68dd39949cf6cd

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          aa17f96ca642416c43ef21b7e47d1015

          SHA1

          c30110056ad31fdada0a0192cbb080bfa215f4e3

          SHA256

          a68fce28459d5fe727b14f2c0306488bd49d15afd255ba3835b6ab52d16b60a3

          SHA512

          d8322ba1fea01900ae6b5a7e5d0e31f5dbc581df9e462e867255f6fe0f7649ef95087ab99619625c05c773ba248b597930340a3507363075d1303fb7a1642d78

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab76C7.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar7739.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • C:\Windows\SysWOW64\0070.DLL
          Filesize

          37KB

          MD5

          67841544563cccfe4af2bddb9387b8e0

          SHA1

          33aece4df3af4dc2e12f9c25752725d1957767ec

          SHA256

          0ced73ea2ffceb9d8004b2f61439691b4dc54a88ce6ed6359fb6b1d0ae09ba16

          SHA512

          e84400fd9837ce132ae69e1fb8419fbdf9ec8c960a84aad6dda93cfafef2e5c168c4420bb5bb35a198e206a2c069f1ce1ad064d1bac105fa5c999f867d93bc64

          Download Submit

        • memory/2236-0-0x0000000000402000-0x000000000040D000-memory.dmp

          Filesize

          44KB

          Download